Placed Malware in Chest but now start up programs looking for the dll

Thanks essexboy

Attached are the files from running OTL

Interestingly, Internet Explorer is one of the few programmes that doesn’t throw up the looking for netdtoh.dll error when I start it

You fail again. Coz this isn’t a programming error in any way. And, once again, FFS, this IS NOT A MBAM DLL.

Definitely nothing to do with MBAM

I thought I’d put an empty file called netdtoh.dll where all the programmes are looking for it

here’s the obvious error message that this caused attached

Firefox will not start at all - even after re-installing - though most other programmes do work even though they say they won’t because they need that netdtoh.dll

creating an empty file ???

but it cannot be executed because it’s empty, you can find only halt in initializing the application.

:wink:

thanks for sharing the problems!!!

i try to experiment here what cause of that dll.

Regards!!!

All programmes that i start bring up the unable to locate netdtoh.dll component except for internet explorer which is the only programme which pulls up no error

firefox and other programmes which i think use firefox won’t start at all (ableton, battery - music software that updates via the internet)

uninstalled firefox and a couple of them started working again but still asking for that dll

why does every single thing think it needs this dll!!!

what version is your net framework?

i’ve just run the empty netdtoh.dll(dynamic link library) and its connected to my netframework 3.0

if you don’t mind try fixing also your netframework if you have any version.

if failed then post what happen, we try experiment again :wink:

Regards!!!

Is the dll still in your avast! virus chest?

yes it is still in the chest - i’ve forwarded it to AVAST

Since it’s a generic detection, it could be an FP. Here we go, this may be a long step.

1. Create folder in your Desktop and name it as Test
2. Now, open avast! Interface > Settings > Exclusions
3. Click Browse then search for the folder Test and put a check beside it
4. Click OK
5. Now, navigate to Maintenance > Virus Chest
6. Locate the dll then right click and select Extract…
7. Select the folder Test as the location for extraction
8. After extracting, go here
9. Upload the dll file in the folder Test
10. Provide us a link to the results

Thanks for the suggestions!

Here is the link to the results from Virus Total…

http://www.virustotal.com/analisis/5ed642bf30aed6a8141f8534d3eb993e274134564f2106836710ae391bef0574-1270475113

Seems like it was a real infection, though a few AVs detect it. Glad to know.

You may now delete the folder and its exclusion, if avast! gives an alert, allow it to move the file in chest.

As of now, we have to wait for an analysis of the OTL logs.

Belated welcome to the forums anyway. :slight_smile:

There was no sign in the area I anticipated, so I will look in the secondary area

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - No CLSID value found.
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No CLSID value found.
O33 - MountPoints2\{81054fa0-496f-11de-8f9c-00116768e28a}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe -- File not found
O33 - MountPoints2\{81054fa0-496f-11de-8f9c-00116768e28a}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe -- File not found

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


I would then like another OTL scan but this time with just one custom scan

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Under the Custom Scan box paste this in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options /s

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
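
What the Image File Execution Options custom scan above looks at, as an added example that is not part of the original post and not OTL's own code: it walks the same registry key recursively and flags any subkey carrying a Debugger value, which redirects the launch of the named executable. The function name Get-IfeoEntries is hypothetical, PowerShell 3.0 or later is assumed, and the WOW6432Node path only exists on 64-bit Windows.

```powershell
# Added example: list every value under Image File Execution Options (what the
# "/s" custom scan dumps) and flag subkeys that carry a Debugger value.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; absent on 32-bit systems such as XP.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoEntries {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                foreach ($name in $key.GetValueNames()) {
                    [pscustomobject]@{
                        Image  = $key.PSChildName       # e.g. notepad.exe
                        Key    = $key.Name              # full registry path
                        Value  = $name
                        Data   = $key.GetValue($name)
                        # -eq is case-insensitive, so "debugger" also matches
                        Review = ($name -eq 'Debugger')
                    }
                }
            }
    }
}

$entries = @(Get-IfeoEntries -Path $roots)
$flagged = @($entries | Where-Object { $_.Review })

if ($flagged.Count -eq 0) {
    'No Debugger values under Image File Execution Options.'
} else {
    # Each row is an executable whose launch is handed to another program.
    $flagged | Sort-Object Image | Format-Table Image, Data -AutoSize -Wrap | Out-String
}

# Full dump for the record, comparable to the custom scan output.
$entries | Sort-Object Key, Value | Format-List Key, Value, Data | Out-String
```

An empty flagged list corresponds to the "not in the IFEO" outcome; any row that does appear should be checked against software known to be installed before it is removed.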

After Reboot OTL gave me this log file immediately

in post below

will now run quick scan and post results

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{81054fa0-496f-11de-8f9c-00116768e28a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{81054fa0-496f-11de-8f9c-00116768e28a}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{81054fa0-496f-11de-8f9c-00116768e28a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{81054fa0-496f-11de-8f9c-00116768e28a}\ not found.
File G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Hans Kayley
->Temp folder emptied: 7358628 bytes
->Temporary Internet Files folder emptied: 223563522 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1973130 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4352490 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84066 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10938184 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 34660779 bytes

Total Files Cleaned = 270.00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Hans Kayley
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.1.0 log created on 04052010_152110

Files\Folders moved on Reboot…
File\Folder C:\Documents and Settings\Hans Kayley\Local Settings\Temp~DFD6D6.tmp not found!
File\Folder C:\Documents and Settings\Hans Kayley\Local Settings\Temp~DFD6E2.tmp not found!
File\Folder C:\Documents and Settings\Hans Kayley\Local Settings\Temp~DFD73B.tmp not found!
File\Folder C:\Documents and Settings\Hans Kayley\Local Settings\Temp~DFD747.tmp not found!
File\Folder C:\Documents and Settings\Hans Kayley\Local Settings\Temp~DFD77D.tmp not found!
File\Folder C:\Documents and Settings\Hans Kayley\Local Settings\Temp~DFD789.tmp not found!
C:\Documents and Settings\Hans Kayley\Local Settings\Temporary Internet Files\Content.IE5\I9UXI7TH\index[2].htm moved successfully.
File move failed. C:\Documents and Settings\Hans Kayley\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_420.dat moved successfully.

Registry entries deleted on Reboot…

Quick Scan results attached

and finally…

the custom scan results (though I only got 1 notepad file??)

attached

Aye you will only get the extras first time around … Well it is not in the IFEO or LSA areas which are the normal hijack points

Can you confirm that FF will still not run and the dll popup still occurs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

[*]Double click on ComboFix.exe & follow the prompts.

[*]As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Ok just reinstalled firefox… it will not launch ???

Just tried to open notepad - attached error pops up twice before Notepad does launch

Could you run Combofix now please